Access control systems are known which use cards provided with memory in the form of a magnetic track and which are suitable for introduction into a slot of a terminal or access control device within which the data on the magnetic track is read. When the data is recognized as being adequate, access authorization is deliverd, and at the same time new data is written on the magnetic track before the user can retrieve the card from the slot. The new data is either identical to the preceding data, or else it is modified as a function of parameters which depend on the type of verification performed.
Magnetic card access control devices are sometimes not easy to use because of the narrowness of the slot into which the card must be inserted for accurate reading of its contents by appropriate transducers. Thus, when the access control device is used on some kinds of equipment, eg. on ski-lifts at winter sports stations, card handling by users whose hand are full turns out to be particularly slow and inconvenient.
Magnetic cards also have the drawback that the inscription is relatively easy to read fraudulently using suitable equipment for the purpose of illicitly reproducing the inscriptions on blank cards.
Further, the quantity of data stored on the magnetic track is limited by the physical dimensions of the magnetic track (s), by the number of reading or writing transducers, and by their proximity to the magnetic track.
Finally, card reading equipment is expensive and often poorly adapted to severe environmental conditions. In particular, such equipment requires the presence of relatively expensive magnetic transducers together with means for moving the card relative to the transducers or vice versa which render the equipment both complex and liable to breakdown, especially when it has to operate in locations that are poorly protected against bad weather and variations in temperature.
Control devices have also been proposed in which a token can be coupled to a terminal in order to transfer data between the token and a computer in the terminal. The token includes a shift register memory unit from which data may be read during each terminal transaction. After the data has been processed, new data is written into the shift register memory.
In one embodiment of such a system, coupling between the token and the terminal is by induction. In order to avoid fraudulent rewriting of the register, a verification device is provided to compare a card validity check character with an identification character written in a permanent manner on the token. These two data items must be identical before new data can be written into the memory register of a token coupled to a terminal. In order to avoid the fraudulent action of attempting to determine the identification character of a token by employing a large number of successive trials, the number of failed attempts is counted. When this number exceeds a predetermined threshold, the token is invalidated.
However, the same identification character has to be used on a large number of tokens. There is thus a risk that the identification character of these tokens will end up being discovered, thereby opening the door to the fraud of re-writing the token data corresponding, for example, to a number of units of payment greater than the number of units for which the token was acquired.